diff options
Diffstat (limited to 'src/charon-cmd/charon-cmd.8')
| -rw-r--r-- | src/charon-cmd/charon-cmd.8 | 161 |
1 files changed, 0 insertions, 161 deletions
diff --git a/src/charon-cmd/charon-cmd.8 b/src/charon-cmd/charon-cmd.8 deleted file mode 100644 index e93cbcf6f..000000000 --- a/src/charon-cmd/charon-cmd.8 +++ /dev/null @@ -1,161 +0,0 @@ -.TH CHARON\-CMD 8 "2013-06-21" "5.1.0" "strongSwan" -.SH "NAME" -charon\-cmd \- Simple IKE client (IPsec VPN client) -.SH SYNOPSIS -.B charon\-cmd -.B \-\-host -.I hostname -.B \-\-identity -.I identity -.B [ options ] -.PP -.SH "DESCRIPTION" -.B charon\-cmd -is a program for setting up IPsec VPN connections using the Internet Key -Exchange protocol (IKE) in version 1 and 2. It supports a number of different -road-warrior scenarios. -.PP -Like the IKE daemon -.BR charon , -.B charon\-cmd -has to be run as -.B root -(or more specifically as a user with -.B CAP_NET_ADMIN -capability). -.PP -Of the following options at least -.I \-\-host -and -.I \-\-identity -are required. Depending on the selected authentication -.I profile -credentials also have to be provided with their respective options. -.PP -Many of the -.BR charon -specific -configuration options in -.I strongswan.conf -also apply to -.BR charon\-cmd . -For instance, to configure customized logging to -.B stdout -the following snippet can be used: -.PP -.EX - charon-cmd { - filelog { - stdout { - default = 1 - ike = 2 - cfg = 2 - } - } - } -.EE -.PP -.SH "OPTIONS" -.TP -.B "\-\-help" -Prints usage information and a short summary of the available options. -.TP -.B "\-\-version" -Prints the strongSwan version. -.TP -.BI "\-\-debug " level -Sets the default log level (defaults to 1). -.I level -is a number between -1 and 4. -Refer to -.I strongswan.conf -for options that allow a more fine-grained configuration of the logging -output. -.TP -.BI "\-\-host " hostname -DNS name or IP address to connect to. -.TP -.BI "\-\-identity " identity -Identity the client uses for the IKE exchange. -.TP -.BI "\-\-eap\-identity " identity -Identity the client uses for EAP authentication. -.TP -.BI "\-\-xauth\-username " username -Username the client uses for XAuth authentication. -.TP -.BI "\-\-remote\-identity " identity -Server identity to expect, defaults to -.IR hostname . -.TP -.BI "\-\-cert " path -Trusted certificate, either for authentication or trust chain validation. -To provide more than one certificate multiple -.B \-\-cert -options can be used. -.TP -.BI "\-\-rsa " path -RSA private key to use for authentication (if a password is required, it will -be requested on demand). -.TP -.BI "\-\-p12 " path -PKCS#12 file with private key and certificates to use for authentication and -trust chain validation (if a password is required it will be requested on -demand). -.TP -.RI "\fB\-\-agent\fR[=" socket ] -Use SSH agent for authentication. If -.I socket -is not specified it is read from the -.B SSH_AUTH_SOCK -environment variable. -.TP -.BI "\-\-local\-ts " subnet -Additional traffic selector to propose for our side, the requested virtual IP -address will always be proposed. -.TP -.BI "\-\-remote\-ts " subnet -Traffic selector to propose for remote side, defaults to 0.0.0.0/0. -.TP -.BI "\-\-profile " name -Authentication profile to use, the list of supported profiles can be found -in the -.B Authentication Profiles -sections below. Defaults to -.B ikev2\-pub -if a private key was supplied, and to -.B ikev2\-eap -otherwise. -.PP -.SS "IKEv2 Authentication Profiles" -.TP -.B "ikev2\-pub" -IKEv2 with public key client and server authentication -.TP -.B "ikev2\-eap" -IKEv2 with EAP client authentication and public key server authentication -.TP -.B "ikev2\-pub\-eap" -IKEv2 with public key and EAP client authentication (RFC 4739) and public key -server authentication -.PP -.SS "IKEv1 Authentication Profiles" -The following authentication profiles use either Main Mode or Aggressive Mode, -the latter is denoted with a \fB\-am\fR suffix. -.TP -.BR "ikev1\-pub" ", " "ikev1\-pub\-am" -IKEv1 with public key client and server authentication -.TP -.BR "ikev1\-xauth" ", " "ikev1\-xauth\-am" -IKEv1 with public key client and server authentication, followed by client XAuth -authentication -.TP -.BR "ikev1\-xauth\-psk" ", " "ikev1\-xauth\-psk\-am" -IKEv1 with pre-shared key (PSK) client and server authentication, followed by -client XAuth authentication (INSECURE!) -.TP -.BR "ikev1\-hybrid" ", " "ikev1\-hybrid\-am" -IKEv1 with public key server authentication only, followed by client XAuth -authentication -.PP -.SH "SEE ALSO" -\fBstrongswan.conf\fR(5), \fBipsec\fR(8) |